Executes comprehensive red team exercises that simulate real-world adversary operations against an organization's people, processes, and technology. The red team operates with stealth as a primary objective, employing the full attack lifecycle from initial reconnaissance through objective completion while testing the organization's detection and response capabilities. This differs from penetration testing by focusing on adversary emulation rather than vulnerability identification. Activates for requests involving red team exercise, adversary simulation, adversary emulation, or full-scope offensive security assessment.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionexecuting-red-team-exerciseExecute the skills CLI command in your project's root directory to begin installation:
Fetches executing-red-team-exercise from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate executing-red-team-exercise. Access via /executing-red-team-exercise in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
8.6K
stars
| name | executing-red-team-exercise |
| description | 'Executes comprehensive red team exercises that simulate real-world adversary operations against an organization''s people, processes, and technology. The red team operates with stealth as a primary objective, employing the full attack lifecycle from initial reconnaissance through objective completion while testing the organization''s detection and response capabilities. This differs from penetration testing by focusing on adversary emulation rather than vulnerability identification. Activates for requests involving red team exercise, adversary simulation, adversary emulation, or full-scope offensive security assessment. ' |
| domain | cybersecurity |
| subdomain | penetration-testing |
| tags | - red-team - adversary-emulation - MITRE-ATT&CK - Cobalt-Strike - detection-assessment |
| version | 1.0.0 |
| author | mahipal |
| license | Apache-2.0 |
| d3fend_techniques | - File Metadata Consistency Validation - Application Protocol Command Analysis - Identifier Analysis - Content Format Conversion - Message Analysis |
| nist_csf | - ID.RA-01 - ID.RA-06 - GV.OV-02 - DE.AE-07 |
Do not use without executive-level authorization and a detailed Rules of Engagement document, against systems where disruption could affect safety or critical operations, or as a replacement for basic vulnerability management (fix known vulnerabilities first).
Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.
Develop the operation plan based on a realistic threat model:
Build OPSEC-hardened attack infrastructure:
Gain initial foothold in the target environment:
Operate within the target environment while maintaining stealth:
Convert red team findings into defensive improvements:
| Term | Definition |
|---|---|
| Adversary Emulation | Simulating the specific TTPs of a known threat actor to test defenses against realistic threats relevant to the organization |
| C2 (Command and Control) | Infrastructure and communication channels used by the red team to remotely control implants deployed on compromised systems |
| OPSEC | Operational Security; practices employed by the red team to avoid detection by the defending team during the exercise |
| Domain Fronting | A technique for hiding C2 traffic behind legitimate CDN domains to evade network-based detection and domain blocking |
| Purple Teaming | Collaborative exercise where red and blue teams work together to improve detection by sharing attack techniques and defensive gaps |
| White Cell | The trusted agent or exercise control group that manages the exercise, handles deconfliction, and mediates between red and blue teams |
| Implant | Software deployed by the red team on compromised systems to maintain access, execute commands, and facilitate lateral movement |
| MTTD/MTTR | Mean Time to Detect / Mean Time to Respond; metrics measuring how long it takes the defending team to identify and contain threats |
Context: A national retail chain wants to test its defenses against FIN7, a financially motivated threat group known for targeting retail and hospitality organizations with point-of-sale malware, phishing, and data exfiltration.
Approach:
Pitfalls:
## Red Team Exercise Report - FIN7 Adversary Emulation
### Exercise Summary
**Duration**: November 4-22, 2025 (15 business days)
**Objective**: Access cardholder data environment and demonstrate data exfiltration capability
**Outcome**: OBJECTIVE ACHIEVED - Red team accessed POS management system and staged cardholder data for exfiltration
### ATT&CK Technique Coverage
| Technique | ID | Status | Detected? | MTTD |
|-----------|----|--------|-----------|------|
| Spear-Phishing Attachment | T1566.001 | Executed | No | - |
| Visual Basic Macro | T1059.005 | Executed | No | - |
| Process Injection | T1055 | Executed | No | - |
| Kerberoasting | T1558.003 | Executed | No | - |
| Remote Desktop Protocol | T1021.001 | Executed | YES | 47h |
| Data Staged | T1074 | Executed | No | - |
| Exfiltration Over C2 | T1041 | Executed | No | - |
### Detection Summary
- **Techniques Executed**: 14
- **Techniques Detected**: 3 (21.4%)
- **Mean Time to Detect**: 47 hours (for detected techniques)
- **Mean Time to Respond**: 4 hours (from detection to containment)
### Priority Recommendations
1. Deploy email detonation sandboxing for macro-enabled document analysis
2. Implement Kerberoasting detection via Windows Event ID 4769 monitoring
3. Enhance PowerShell logging (Script Block Logging, Module Logging)
4. Deploy memory-scanning EDR capability to detect process injection
Prerequisites
Time Estimate
15-45 minutes depending on use case complexity
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
mukul975/Anthropic-Cybersecurity-Skills
Solid pick for teams standardizing on skills: executing-red-team-exercise is focused, and the summary matches what you get after install.
Useful defaults in executing-red-team-exercise — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
executing-red-team-exercise fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
executing-red-team-exercise has been reliable in day-to-day use. Documentation quality is above average for community skills.
executing-red-team-exercise is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Registry listing for executing-red-team-exercise matched our evaluation — installs cleanly and behaves as described in the markdown.
executing-red-team-exercise reduced setup friction for our internal harness; good balance of opinion and flexibility.
Keeps context tight: executing-red-team-exercise is the kind of skill you can hand to a new teammate without a long onboarding doc.
We added executing-red-team-exercise from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
Useful defaults in executing-red-team-exercise — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
showing 1-10 of 34